From 8098051268a06e6eae2de26e08b966fc12cbb454 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 24 Jul 2018 16:42:16 -0400 Subject: [PATCH] Use instal of session for systemPermission --- web/api/app/Controller/MonitorsController.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/web/api/app/Controller/MonitorsController.php b/web/api/app/Controller/MonitorsController.php index 212849f27..e339cfc42 100644 --- a/web/api/app/Controller/MonitorsController.php +++ b/web/api/app/Controller/MonitorsController.php @@ -119,8 +119,10 @@ class MonitorsController extends AppController { public function add() { if ( $this->request->is('post') ) { - if ( $this->Session->Read('systemPermission') != 'Edit' ) { - throw new UnauthorizedException(__('Insufficient privileges')); + global $user; + $canAdd = (!$user) || ($user['System'] == 'Edit' ); + if ( !$canAdd ) { + throw new UnauthorizedException(__('Insufficient privileges')); return; } @@ -153,7 +155,8 @@ class MonitorsController extends AppController { throw new NotFoundException(__('Invalid monitor')); } global $user; - if ( $user and $user['Monitors'] != 'Edit' ) { + $canEdit = (!$user) || ($user['Monitors'] == 'Edit'); + if ( !$canEdit ) { throw new UnauthorizedException(__('Insufficient privileges')); return; }